Helm values from secrets/configmaps

Question

Helm values from secrets/configmaps

TheKangaroo opened this issue a year ago · 4 comments

We use kustomize to generate configmaps from values.yaml files for better readability over the inline spec.values in HelmReleases and reference them in the spec.valuesFrom array.
These values will be ignored by flux-local on helm inflation because only the spec.values field is used (https://github.com/allenporter/flux-local/blob/main/flux_local/helm.py#L221).
I wonder if we could optionally (it is not guaranteed that the cm/secret is deployed via flux) pull in secret/cm values files if they exist in the content object.
I would like to try and implement this if it sounds like a valuable addition.
I will need some time to dig into the code though.

Example, this does not work at the moment:
example.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: example
  namespace: example
spec:
  interval: 5m
  chart:
    spec:
      chart: example
      version: "0.1.0"
      sourceRef:
        kind: HelmRepository
        name: example
        namespace: flux-system
      interval: 1m
  valuesFrom:
    - kind: ConfigMap
      name: example-values
      optional: true

kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - example.yaml
configMapGenerator:
  - files:
    - values.yaml=example-values.yaml
    name: example-values
    namespace: example
generatorOptions:
  disableNameSuffixHash: true

example-values.yaml

image:
  repository: "..."
  tag: "..."

Answer 1 · 2023-09-18T14:07:04.000Z

This may be a difficult change to make, but seems reasonable to support. What would likely need to happen is one of the visitors would need to hold on to the relevant objects and know to pass them into the HelmRelease template function, or needs to do some kind of lookup against those objects when templating.

There are features coming, though with an unclear roadmap, that may obsolete much of flux-local which is they'll build the same functionality of flux diff to work for HelmRelease -- some discussion here fluxcd/helm-controller#652 though as i said their roadmap is unclear and the timeline keeps shifting a bit. It may be worth waiting to see how that pans out.

Answer 2 · 2023-09-18T15:42:13.000Z

I see. I have been reading a bit through the flux issues and discussions and from this thread I assume it will take some time before a flux diff for HelmReleases will be possible. He mentioned in that thread that fluxcd/helm-controller#487 is a prerequisite and it is still open.

Answer 3 · 2024-04-16T02:38:22.000Z

I think this was resolved in #472

Answer 4 · 2024-04-16T02:38:43.000Z

I'm going to mark as fixed but reopen if anything is missing.